Description
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
Remediation
References
https://github.com/developmentil/ecdh/issues/3
Related Vulnerabilities
CVE-2020-36180 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-25901 Vulnerability in npm package cookiejar
CVE-2016-3081 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2020-28471 Vulnerability in npm package properties-reader
CVE-2017-16010 Vulnerability in maven package org.webjars.bower:i18next